> Depends on exactly the situation- when I worked on a very expensive desktop application years ago I was warned about giving too much information in error messages as it might help crackers.

As a sysadmin (having spent 30 years dealing with desktop software) the attitude of the people who gave you that direction make me seethe with anger. Crackers gonna crack. That just hurts the people who have to make the product work in their environment.

Static analysis tools + MCP server + a debugger with an MCP server makes reverse engineering incredibly easy and low-cost.

I wrote a blog post about this recently: https://landaire.net/reverse-engineering-with-ai/

Just yesterday I completely reverse engineered several proprietary audio codecs from a game without even having to touch the static analysis tool myself.

This is security through obscurity -- can complement other methods but won't do much for you against competent adversaries.